AEDA Dashboard

AEDA Dashboard

The AEDA Dashboard features a topology map and a number of key metrics based on the outcomes of scheduled Monitors. This interactive dashboard is frequently used as an executive-level display.

A sample AEDA Dashboard is shown below:

Sample AEDA Dashboard

AEDA Map

The AEDA map is similar to the map you see when you launch Environment > Map. The AEDA map, however, has additional elements, including:

  • Color-coded connection lines between zones and between Actors in the same zone
  • Counts on those lines that indicate how many Monitors run between those zones. Counts depend on the color of the connection lines.
    • If the connection line is green, the count reflects the number of Monitors for that connection
    • If the connection line is red, the count reflects the number of failed Monitors for that connection

  • Color-coded Actors

    There are three possible color options:

    • Green: All Actions contained in Monitors are passing
    • Red: one or more Actions contained in Monitors are failing
    • No color: Zone combination or Actor is not included in a Monitor

You can click on one of the numbers on a line between two Actors or security zones to see a popup that contains details about the Monitors that have run. Details include the name of the Action that ran, VID number, source and destination Actors, status, and a link to the last run Job. The screenshot below shows an example of the popup:

Details of Monitors between Zones

AEDA Dashboard Counts

Counts shown at the top of the dashboard include the following:

  • Active Security Monitors: This number represents the sum total of Monitors being run, including all Security Zones and Actors. The Active Security Monitors count is also interactive, and displays a popup that lists which Monitors are currently active in your environment, as demonstrated in the screenshot below .

    NOTE: The same Action run between different Actors counts as two distinct Monitors.

    AEDA Active Security Monitors

  • Unique Checks: This number identifies the number of unique Actions used in the various Monitors.

  • Active Security Alerts: This number identifies the number of Monitors that have generated alerts. Monitors generate alerts when defined, expected behaviors are not met (e.g., events are not generated in the SIEM, Actions are not blocked, etc.).

    The Sample AEDA Dashboard screenshot at the beginning of this article shows that we have 6 active security alerts. Notice the red connecting lines and the red circles around the Actors, which indicate alerts between those two points.

    The active security alerts count is also interactive, with the popup containing the same information you see when viewing the Active Monitors details, as displayed in the screenshot below:

Alerting Monitors

© Copyright Mandiant. All rights reserved
  • First Published: May 20, 2022
  • Last updated: January 12, 2023
In This Article
Related Articles
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.